Safety Critical Software Configuration Management...
Transcript of Safety Critical Software Configuration Management...
Copyright © 1998-2011 Westfall Team, Inc. All Rights Reserved.
Safety Critical Software Configuration Management Practices
Linda Westfall
International Conference on Software Quality – ICSQ 2011
Westfall Team, Inc.
Configuration Management Defined
A discipline applying technical & administrative direction & surveillance to:
Identify & document the functional & physical characteristics of a configuration item
Control changes to those characteristics
Record & report change processing & implementation status
Verify compliance with specified requirements [ISO/IEC 24765]
SCM Maintains a Balance
Stability <-> Flexibility
“Software configuration management is necessary to enable large teams to work together in a stable environment, yet still have the flexibility that’s needed to do creative work.”
[SPMN-98]
The Good News – It’s Not All or Nothing
Various levels of control rigor, from complete flexibility to complete stability:
Work Product Creation -> Development -> Review -> Test -> Independent Test -> Release
SCM Activities
SCM activities that run alongside Software Development:
Management of the SCM Functions
SCM Planning
Software Configuration Identification
Software Configuration Control
Software Configuration Status Accounting
Software Configuration Auditing
Product Release & Distribution
Software Configuration Management Standards
AS9100C: 7.1.3 Configuration Management
The organization shall establish, implement and maintain a configuration management process that includes, as appropriate to the product
a) configuration management planning
SCM Identification Activities
Identification is the SCM function that includes:
Identifying software configuration items to be controlled
Assigning unique identifiers to each product & its components, & associated documents
Defining important characteristics of each configuration item & identifying the owner
Identifying component, data & product acquisition points & criteria
Establishing & controlling baselines
AS9100C: 7.1.3 Configuration Management
The organization shall establish, implement and maintain a configuration management process that includes, as appropriate to the product
b) configuration identification
What Are Configuration Items?
Configuration item:
A work product placed under configuration management & treated as a single entity
“A collection of hardware or software elements treated as a unit for the purpose of configuration control” [NQA-1a]
Selecting Configuration Items
The following items should be placed under configuration management:
Externally delivered software products & data
Designated internal software work products & data
Designated support tools used to create or support the software product
Supplier/vendor supplied software
Customer supplied equipment/software
NQA-1a: Subpart 2.7 Quality Assurance Requirements for Computer Software for Nuclear Facility Applications
203 Software Configuration Management: “Configuration items to be controlled shall include, as appropriate:
1. documentation (e.g., software design requirements, instructions for computer program use, test plans, and results);
2. computer programs (e.g., source, object, back-up files); and
3. support software.”
Baseline Defined
1. “A specification or product that has been formally reviewed & agreed upon, that thereafter serves as the basis for further development, & that can be changed only through formal change control processes” [NQA-1a]
2. A document or set of such documents formally designated & fixed at a specific time during the life cycle of a configuration item
Baselines identify how software entities:
Are related to each other
Are related to software life cycle milestones
[ISO/IEC 24765]
Types of Baselines
Functional Baseline: System Requirements
Allocated Baselines: Software Requirements
Developmental Baselines: Design, Implement, Test, System Test
Product Baseline: Operations
NQA-1a: Requirements 3 - Design Control
802.1 Configuration Identification: “A software baseline shall be established at the completion of each activity of the software design process. Approved changes created subsequent to a baseline shall be added to the baseline. A baseline shall define the most recently approved software configuration.”
Baselines
Baselines should be defined for specific control points in the life cycle.
For each baseline, this definition includes:
Event that creates the baseline
Items controlled
Procedures for establishing & changing the baseline
Authority required to approve changes to the baseline
Acquisition
“One critical aspect for control of work products is the proper timing for when they enter into configuration management.” [SPMN-98]
Creation or Update of a Work Product -> Quality Gate -> Acquisition: Work Product Placed Under CM
Before acquisition: the developer controls changes to the work product
After acquisition: a formal change authority controls changes to the work product
Assigning Unique Identifiers
SCM provides a way to uniquely identify each:
Revision, version & release
Document
Software component (source code module, data)
Baseline
NQA-1a: Requirements 3 - Design Control
802.1 Configuration Identification (cont.): “A labeling system for configuration items shall be implemented that:
a) uniquely identifies each configuration item;
b) identifies changes to configuration items by revision; and
c) provides the ability to uniquely identify each configuration of the revised software available for use.”
ISO 13485-2003: 7.5.3.1 Identification
The organization shall identify the product by suitable means throughout product realization and shall establish documented procedures for such product identification.
Configuration Control Requirements
NQA-1a: Requirements 3 - Design Control
802.2 Configuration Control: “Changes to software shall be formally documented. The documentation shall include:
a) a description of the change;
b) the rationale for the change; and
c) the identification of affected software baselines.
The change shall be formally evaluated and approved by the organization responsible for the original design, unless an alternate organization has been given the authority to approve the changes. Only authorized changes shall be made to software baselines. Appropriate verification activities shall be performed for the change. The change shall be appropriately reflected in documentation and traceability of the change to the software design requirement shall be maintained. Appropriate acceptance testing shall be performed for the change.”
NQA-1a: Subpart 2.7 Quality Assurance Requirements for Computer Software for Nuclear Facility Applications
203 Software Configuration Management (cont.): “The software configuration change control process shall include:
1. initiation, evaluation, and disposition of a change request
2. control and approval of changes prior to implementation; and
3. requirements for retesting and acceptance of the test results”
Configuration Control Requirements
ISO 13485-2003: 7.3.7 Control of design and development changes
Design and development changes shall be identified and records maintained. The changes shall be reviewed, verified, and validated, as appropriate, and approved before implementation. The review of design and development changes shall include evaluation of the effect of the changes on constituent parts and product already delivered.
AS9100C: 7.1.3 Configuration Management
The organization shall establish, implement and maintain a configuration management process that includes, as appropriate to the product
c) change control
AS9100C: 7.3.7 Control of Design and Development Changes
Design and development changes shall be controlled in accordance with the configuration management process.
AS9100C: 7.6 Control of Monitoring and Measuring Equipment
NOTE: Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.
What is Configuration Control?
The systematic process that ensures that changes to a baseline are:
Properly identified
Documented
Evaluated for impact
Approved by an appropriate level of authority
Incorporated
Verified
Configuration Control
The configuration control process must answer these questions:
When is control initiated?
By what means is an entity placed under control?
What is the control process?
• Levels of control each work product passes through
• Change authority at each level
• Procedure for obtaining authorization for changes
• Procedure for implementing & verifying change
Controlled vs. Uncontrolled Software Artifacts
Controlled software artifacts:
Configuration Items, under Configuration Control (Document Control & Change Control)
Quality Records, under Control of Quality Records
Uncontrolled software artifacts: everything else
Configuration Control Procedures
Configuration control procedures include:
Mechanisms for requesting & documenting changes to controlled work products
Requirements for performing impact analysis for each requested change
Mechanisms for informing affected stakeholders of the change request & soliciting their input to impact analysis
An authority for making decisions on accepting or rejecting each change request
Configuration Control Procedures (cont.)
Mechanisms for informing affected stakeholders of the decision to accept or reject the change & for obtaining their commitment to the change if it is accepted
Mechanisms for tracking requested changes from submission through final disposition (rejection or completion of the change)
Mechanism for verifying the change
Change Control Process (flowchart):
Problem/Enhancement Identified? (during Internal Use or Operations) -> Yes -> Issue Change Request -> CCB Decision?
CCB Decision: Disapprove Change -> Communicate Reasons for Disapproval; Defer -> Wait; Approve Change -> Assign Author -> Change Configuration Item -> Verification (private defects: Fix/Change) -> Acquisition: Baselined for internal use -> Release: Baselined for external use -> Operations
Document Control Process (flowchart):
Initial Development of Configuration Item -> Verify Configuration Item (private changes: Rework) -> Acquisition: Baselined for use -> Internal Use -> Problem/Enhancement Identified? -> Yes -> CCB Decision?
CCB Decision: Disapproved -> Communicate Reasons for Disapproval; Defer -> Wait; Approved -> Create Updated Draft Configuration Item -> Verify Updated Draft Configuration Item (private changes: Rework; if verification fails: Delete Draft & Communicate Reasons for Rework) -> Baseline updated configuration items -> Being Used Internally? -> Remove Prior Version of Configuration Item from Use or Mark Obsolete -> Release: Baselined for external use -> Operations -> In Operations: Problem/Enhancement Identified?
Configuration Control Board (CCB)
A Configuration Control Board (CCB) is beneficial because it:
Provides authority
Ensures change authorization before implementation
Provides visibility in change control process
Provides a vehicle for impact analysis
Facilitates resource allocation
Plays an integral role in keeping the software development process under control
Multiple Levels of CCBs - Examples
Different levels of CCBs can be used to balance between the need for control & the need to streamline the change process.
Examples include:
System/product level CCB controls changes to the functional baseline & product baseline
Subsystem level CCBs control changes to the allocated baselines
Software development level CCBs control changes to the developmental baselines
Multiple Levels of CCBs – Code Example
Change Authority: Action
Developer: Create code or make authorized changes
Team Level CCB: Acquire code for baseline
Software Development Level CCB: Promote code to integration test
Project Level CCB: Promote code to system test
Product Level CCB: Release product that includes code
Multiple Levels of CCBs – SRS Example
Software Requirements Specification (SRS) example:
Change Authority: Action
Software Analyst: Create SRS or make authorized changes
Project Level CCB: Acquire SRS for baseline
Product Level CCB: Release product that includes software defined by that SRS
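The control points in the two tables above and in the configuration control procedures (a request documented with its rationale, impact analysis before disposition, a decision by the board that owns the affected baseline, implementation only after approval, then verification) can be enforced rather than merely described. The following is an added example, not code from the slides or from the Westfall Team; the baseline-to-board mapping, the request states, the board names and the item names are assumptions for illustration.

```python
"""Change-request lifecycle with per-baseline change authority (added example)."""
from dataclasses import dataclass, field

# Assumed mapping of baseline type -> CCB level that owns it, following the
# slide's examples (system/product board for functional and product baselines,
# subsystem board for allocated, software-development board for developmental).
BASELINE_AUTHORITY = {
    "functional": "product",
    "product": "product",
    "allocated": "subsystem",
    "developmental": "software_development",
}

# Assumed request state machine: submission -> evaluation -> disposition ->
# implementation -> verification -> closure. A deferred request must be re-evaluated.
TRANSITIONS = {
    "submitted": {"evaluated"},
    "evaluated": {"approved", "disapproved", "deferred"},
    "deferred": {"evaluated"},
    "approved": {"implemented"},
    "implemented": {"verified"},
    "verified": {"closed"},
    "disapproved": {"closed"},
}


class ChangeControlError(Exception):
    """Raised when a step would bypass the control process."""


@dataclass
class ChangeRequest:
    cr_id: str
    baseline: str            # baseline type affected (a key of BASELINE_AUTHORITY)
    description: str
    rationale: str
    state: str = "submitted"
    impact: dict = field(default_factory=dict)
    history: list = field(default_factory=list)   # status-accounting trail

    def _move(self, new_state, actor, note=""):
        if new_state not in TRANSITIONS.get(self.state, ()):
            raise ChangeControlError(f"{self.cr_id}: {self.state} -> {new_state} is not allowed")
        self.history.append((self.state, new_state, actor, note))
        self.state = new_state

    def evaluate(self, analyst, impact):
        """Record the impact analysis; no disposition is possible without one."""
        self.impact = dict(impact)
        self._move("evaluated", analyst, "impact analysis recorded")

    def dispose(self, board, decision):
        """CCB disposition: only the board owning the affected baseline may decide."""
        owner = BASELINE_AUTHORITY[self.baseline]
        if board != owner:
            raise ChangeControlError(f"{board} CCB may not dispose {self.cr_id}: "
                                     f"{self.baseline} baseline is owned by the {owner} CCB")
        if decision not in ("approved", "disapproved", "deferred"):
            raise ChangeControlError(f"unknown disposition {decision!r}")
        if not self.impact:
            raise ChangeControlError(f"{self.cr_id}: no impact analysis on record")
        self._move(decision, f"{board} CCB")

    def verify(self, verifier, passed):
        """Post-implementation verification; a failure leaves the request open for rework."""
        if passed:
            self._move("verified", verifier, "verification passed")
        else:
            self.history.append((self.state, self.state, verifier, "verification failed; rework"))


@dataclass
class Baseline:
    name: str
    kind: str
    items: dict = field(default_factory=dict)   # configuration item -> revision

    def apply(self, cr, updates, implementer):
        """Incorporate a change: only an approved request for this baseline type may modify it."""
        if cr.baseline != self.kind:
            raise ChangeControlError(f"{cr.cr_id} targets the {cr.baseline} baseline, not {self.name}")
        if cr.state != "approved":
            raise ChangeControlError(f"{cr.cr_id} is {cr.state!r}, not approved; {self.name} unchanged")
        self.items.update(updates)
        cr._move("implemented", implementer, f"updated {sorted(updates)}")


def run_example():
    """Walk one constructed request through the process; returns the end state."""
    dev = Baseline("DEV-3", "developmental", {"unit_abc.c": "1.2", "unit_def.c": "2.0"})
    cr = ChangeRequest("CR-0042", "developmental", "bound input length in unit ABC",
                       "overrun found during unit test")
    rejected = []
    try:
        dev.apply(cr, {"unit_abc.c": "1.3"}, "developer")   # attempt before any approval
    except ChangeControlError as err:
        rejected.append(str(err))
    cr.evaluate("analyst", {"tests": ["Unit TC A1", "Sys TC 392"], "effort_days": 1})
    try:
        cr.dispose("team", "approved")                       # wrong level of authority
    except ChangeControlError as err:
        rejected.append(str(err))
    cr.dispose("software_development", "approved")
    dev.apply(cr, {"unit_abc.c": "1.3"}, "developer")
    cr.verify("tester", passed=True)
    return {"state": cr.state, "items": dict(dev.items),
            "rejected": len(rejected), "history": len(cr.history)}


if __name__ == "__main__":
    print(run_example())
```

The two refused operations in `run_example` are the ones a safety-critical process exists to prevent: modifying a baseline without an approved request, and approval by a board that does not own the baseline. The `history` list is the status-accounting record the standards quoted above require, including changes that are approved but not yet implemented.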
CCB Membership - Examples
CCB levels: Product level CCB, Project level CCB, Software level CCB, Team level CCB
Example members: Customers/users; Systems engineering; Hardware development manager; Documentation / technical publications; Software development manager; SQA; SCM; V&V; Software analysts; Software architecture/designer; Software engineers
Impact Analysis Checklist
Items to consider include:
Size & complexity of the change
Severity of the change
Schedule impacts
Cost impacts
Effort impacts
Technical impacts
Relationships to other changes
Testing requirements
Benefits of the change
Backward Traceability & Impact Analysis
Source Code: Unit ABC -> traces back to Design: Design Element A -> traces back to Requirements: Requirement R1302
ISO 13485-2003: 7.5.3.2 Traceability (7.5.3.2.1 General)
The organization shall establish documented procedures for traceability. Such procedures shall define the extent of product traceability and the records required.
Where traceability is a requirement, the organization shall control and record the unique identification of the product.
NOTE—Configuration management is a means by which identification and traceability can be maintained.
AS9100C: 7.5.3 Identification and Traceability
NOTE In some industry sectors, configuration management is a means by which identification and traceability are maintained
Forward Traceability & Impact Analysis
Requirement R1302 traces forward to:
Design: Design Element A, Design Element X, Design Element Y
Source Code: Unit ABC, Unit DEF, Unit GHI, Unit Y01, Unit Y02
Unit Test Cases: Unit TC A1, Unit TC B1, Unit TC D1
System Test Cases: Sys TC 392, Sys TC 393
User Documentation: User Doc 1
Training Materials: Training Doc 1, Training Doc 2
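The backward and forward traceability figures are the inputs to impact analysis: a change to one item has to be re-verified in everything downstream of it and must still satisfy everything upstream of it. The following is an added example, not code from the slides or from the Westfall Team. It builds a trace graph from the item names in the figures; the individual links are constructed (the figure does not show every edge), and Unit ZZZ with its test case is a constructed orphan added to show the audit check.

```python
"""Forward/backward traceability and impact analysis over a trace graph (added example)."""
from collections import defaultdict, deque

# Constructed (upstream, downstream) trace links using the figure's item names.
# The exact edges are an assumption; only the categories are shown on the slide.
LINKS = [
    ("R1302", "Design Element A"), ("R1302", "Design Element X"), ("R1302", "Design Element Y"),
    ("Design Element A", "Unit ABC"), ("Design Element A", "Unit DEF"),
    ("Design Element X", "Unit GHI"),
    ("Design Element Y", "Unit Y01"), ("Design Element Y", "Unit Y02"),
    ("Unit ABC", "Unit TC A1"), ("Unit ABC", "Unit TC B1"), ("Unit DEF", "Unit TC D1"),
    ("R1302", "Sys TC 392"), ("R1302", "Sys TC 393"),
    ("R1302", "User Doc 1"), ("R1302", "Training Doc 1"), ("R1302", "Training Doc 2"),
    # Constructed orphan: a code unit and its test with no design or requirement behind them.
    ("Unit ZZZ", "Unit TC Z1"),
]


class TraceGraph:
    def __init__(self, links):
        self.down = defaultdict(set)   # item -> items that depend on it
        self.up = defaultdict(set)     # item -> items it is derived from
        self.nodes = set()
        for src, dst in links:
            self.down[src].add(dst)
            self.up[dst].add(src)
            self.nodes.update((src, dst))

    @staticmethod
    def _reach(start, adjacency):
        """Breadth-first reachability; tolerates cycles and excludes the start node."""
        seen, queue = set(), deque([start])
        while queue:
            node = queue.popleft()
            for nxt in adjacency.get(node, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        seen.discard(start)
        return seen

    def forward(self, item):
        """Forward traceability: everything derived from `item`, transitively."""
        return self._reach(item, self.down)

    def backward(self, item):
        """Backward traceability: everything `item` is derived from, transitively."""
        return self._reach(item, self.up)

    def impact(self, item):
        """Impact analysis for a proposed change to `item`: what must be updated or
        re-verified (downstream) and what the change must still satisfy (upstream)."""
        return {"reverify": self.forward(item), "justified_by": self.backward(item)}

    def orphans(self, is_root):
        """Items with no upstream link that are not roots (requirements): work products
        nothing justifies, a typical configuration audit finding."""
        return {n for n in self.nodes if not self.up.get(n) and not is_root(n)}


def is_requirement(name):
    """Assumed naming convention for this example: requirements are R-numbered."""
    return name.startswith("R")


if __name__ == "__main__":
    g = TraceGraph(LINKS)
    print("change to Design Element A touches:", sorted(g.impact("Design Element A")["reverify"]))
    print("orphans:", g.orphans(is_requirement))
```

`impact("Design Element A")` lists the code units and unit test cases that a design change forces back through verification, while `backward("Unit TC D1")` gives the design element and requirement a failing test ultimately traces to; both are exactly the questions the impact analysis checklist above asks.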
Status Accounting Requirements
NQA-1a: Requirements 3 - Design Control
802.3 Configuration Status Control: “The status of configuration items resulting from software design shall be maintained current. Configuration item changes shall be controlled until they are incorporated into the approved product baseline. The controls shall include a process for maintaining the status of changes that are proposed and approved, but not implemented. The controls shall also provide for notification of this information to affected organizations.”
ISO 13485-2003: 7.3.7 Control of design and development changes
Records of the results of the review of changes and any necessary actions shall be maintained.
AS9100C: 7.1.3 Configuration Management
The organization shall establish, implement and maintain a configuration management process that includes, as appropriate to the product
d) configuration status accounting
Status Accounting
The configuration status tracking system should keep track of:
Product description records
Status of each controlled software component
Contents & status of each build/release
Contents of each baseline
Configuration verification records
Change status records (defects & enhancements)
Installation status of all configuration items at all locations
[SPMN-98]
Configuration Item Dependencies
Configuration Items, Components & Units are:
Tested With: Test Cases, Procedures & Scripts
Built Into: Software Builds
Runs On: Target Platforms & Environments
Built Using: Tools, Macros, Libraries & Platform
Described By: Specifications
Supported By: User Documentation
Functional Configuration Audits
Audits conducted to verify that:
The development of a configuration item has been completed satisfactorily
The item has achieved the performance & functional characteristics specified
Its operational & support documents are complete & satisfactory
[ISO/IEC 24765]
AS9100C: 7.1.3 Configuration Management
The organization shall establish, implement and maintain a configuration management process that includes, as appropriate to the product
e) configuration audit
Conducting a Functional Configuration Audit
The functional configuration audit includes:
An audit of the formal test documentation against test data
An audit of the verification & validation reports
A review of all approved changes
A review of updates to previously delivered documents
A sampling of design review outputs
A comparison of code with documented requirements
A review to ensure all testing was accomplished
The FCA may include additional sample testing.
[Kasse-00]
Physical Configuration Audits
Audits conducted to verify that:
A configuration item, as built, conforms to the technical documentation that defines it
• All items identified as being part of the configuration are present in the product baseline
• The correct version & revision of each part are included in the product baseline
• They correspond to information contained in the baseline’s configuration status report
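The three checks above (every item present, the correct version & revision of each, agreement with the status report) can be carried out mechanically against the baseline's status record. The following is an added example, not code from the slides or from the Westfall Team: it compares an as-built product against a baseline manifest of item, revision and expected SHA-256 and reports missing, extra, wrong-revision and content-mismatched items. The item names, revisions and contents are constructed; the expected hashes are computed from the constructed approved contents.

```python
"""Physical configuration audit of an as-built product against its baseline (added example)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed approved contents: what the status report recorded for each item
# when it was acquired into the baseline (a real audit reads these from the SCM repository).
APPROVED = {
    "unit_abc.o": (b"ABC object code rev 1.3", "1.3"),
    "unit_def.o": (b"DEF object code rev 2.0", "2.0"),
    "unit_ghi.o": (b"GHI object code rev 1.1", "1.1"),
    "user_doc_1.pdf": (b"User Doc 1 rev C", "C"),
}

# Baseline manifest: item -> recorded revision and content hash.
BASELINE = {
    name: {"revision": rev, "sha256": sha256_hex(data)}
    for name, (data, rev) in APPROVED.items()
}

# Constructed as-built product with four deliberate discrepancies:
#  - unit_def.o was rebuilt from modified source but still carries revision 2.0
#  - unit_ghi.o is an older revision than the baseline records
#  - user_doc_1.pdf was not delivered
#  - debug_tool.bin was never placed under configuration management
AS_BUILT = {
    "unit_abc.o": (b"ABC object code rev 1.3", "1.3"),
    "unit_def.o": (b"DEF object code rev 2.0 + unreviewed patch", "2.0"),
    "unit_ghi.o": (b"GHI object code rev 1.0", "1.0"),
    "debug_tool.bin": (b"left over from the lab", "0.1"),
}


def physical_audit(baseline, as_built):
    """Compare the as-built items against the baseline manifest.

    Returns a report keyed by finding type. An item is only 'ok' when its name,
    revision label and content hash all agree with the baseline record; a
    matching label with different bytes is reported as a content mismatch.
    """
    report = {"ok": [], "missing": [], "extra": [], "revision_mismatch": [], "content_mismatch": []}
    for name, expected in baseline.items():
        if name not in as_built:
            report["missing"].append(name)
            continue
        data, revision = as_built[name]
        if revision != expected["revision"]:
            report["revision_mismatch"].append((name, expected["revision"], revision))
        elif sha256_hex(data) != expected["sha256"]:
            report["content_mismatch"].append(name)
        else:
            report["ok"].append(name)
    report["extra"] = sorted(set(as_built) - set(baseline))
    return report


def audit_passed(report):
    """The as-built product conforms only when every finding list is empty."""
    return not any(report[k] for k in ("missing", "extra", "revision_mismatch", "content_mismatch"))


if __name__ == "__main__":
    result = physical_audit(BASELINE, AS_BUILT)
    for finding, items in result.items():
        print(f"{finding}: {items}")
    print("audit passed:", audit_passed(result))
```

The content-hash check is the part a revision label alone cannot give you: `unit_def.o` carries the approved revision label but not the approved bytes, which is exactly the case a label-only audit would wave through.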
Conducting a Physical Configuration Audit
The physical configuration audit includes:
An audit of the system specification for completeness
An audit of the FCA report for discrepancies & actions taken
A comparison of the architectural design with the detailed design components for consistency
A review of the module listing for compliance with approved coding standards
An audit of the manuals for format completeness & conformance to systems & functional descriptions
[Kasse-00]
Questions?
Contact Information
Linda Westfall
3000 Custer Road, Suite 270, PMB 101
Plano, TX 75075-4499
phone: (972) 867-1172
fax: (972) 943-1484
email: [email protected]
www.westfallteam.com